Azure NSG
Azure NSG stands for Azure Network Security Group, and it is a core component of the Azure security fabric. Using an NSG, you can filter traffic to and from Azure resources that you have commissioned on an Azure Virtual Network (VNet). Azure NSG controls access and manages communication between individual workloads hosted on one or more VNets, connectivity between the on-premises environment and Azure via Application Gateway, VPN Gateway, Azure Firewall, Virtual Network Appliances etc., and connections to and from the internet.

It's important to note that the standard subscription can have up to 5000 NSGs, and each NSG can have a maximum of up to 1000 rules. Also, note that Azure NSG executes the rules in order of priority, with lower-numbered priorities processed before higher-numbered priorities; however, you can also nest NSGs for particular resources.

The primary purpose of an NSG is to protect resources commissioned on an Azure Virtual Network. However, security best practices state that continuous monitoring of the environment is vital, as the incoming alerts can help you identify any security incidents, so putting measures in place that monitor your environment is crucial. Azure NSG Flow Logs is a feature provided by Azure Network Watcher. This service allows you to log IP traffic information for data flowing through your configured NSGs. Azure sends this flow log data to an Azure storage account, where you can access it.

Azure NSG best practices
Working with multiple NSGs can be challenging, especially if you need to understand the effective rules when two or more NSGs control your network traffic. However, there are a few best practices that can help you manage your Azure NSGs more effectively:

1. Align NSGs to resource groups and services.
2. Use logical naming conventions.
3. Leverage IP ranges to streamline rule creation.
4. Leave spaces between rule priority numbers.
5. Use tags to improve readability.
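The priority ordering and the "effective rules" question described above can be worked through offline. The following Python sketch is an added example, not code from Azure or from this page: it models first-match evaluation by ascending priority and the inbound case where a subnet NSG and a NIC NSG both apply. The rule names and address ranges are constructed, only the DenyAllInBound default rule is modeled, and both scopes are assumed to have an NSG associated.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR prefix, or "*" for any source
    port: str       # "443", "1000-2000", or "*" for any port
    access: str     # "Allow" or "Deny"

# Assumption: only the lowest-precedence inbound default rule is modeled here.
DENY_ALL = Rule("DenyAllInBound", 65500, "*", "*", "Deny")

def _matches(rule, src_ip, dst_port):
    if rule.source != "*" and \
            ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
        return False
    if rule.port == "*":
        return True
    low, _, high = rule.port.partition("-")
    return int(low) <= dst_port <= int(high or low)

def evaluate(rules, src_ip, dst_port):
    """Return the first matching rule, scanning by ascending priority."""
    for rule in sorted(rules + [DENY_ALL], key=lambda r: r.priority):
        if _matches(rule, src_ip, dst_port):
            return rule

def effective_inbound(subnet_nsg, nic_nsg, src_ip, dst_port):
    """Inbound traffic meets the subnet NSG first, then the NIC NSG; both must allow."""
    for scope, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        hit = evaluate(rules, src_ip, dst_port)
        if hit.access == "Deny":
            return "Deny", f"{scope}:{hit.name}"
    return "Allow", f"nic:{hit.name}"

# Constructed sample rule sets (hypothetical names, documentation address ranges).
# Priorities are spaced by 100 so rules can be inserted between them later.
SUBNET_NSG = [
    Rule("Deny-Blocked-Range", 100, "203.0.113.0/24", "*", "Deny"),
    Rule("Allow-HTTPS", 200, "*", "443", "Allow"),
    Rule("Allow-SSH-Admin", 300, "198.51.100.0/24", "22", "Allow"),
]
NIC_NSG = [Rule("Allow-HTTPS", 100, "*", "443", "Allow")]

if __name__ == "__main__":
    for src, port in (("203.0.113.7", 443), ("192.0.2.10", 443), ("198.51.100.5", 22)):
        print(src, port, effective_inbound(SUBNET_NSG, NIC_NSG, src, port))
```

The third sample flow is the case that usually causes confusion: SSH is allowed at the subnet scope but still denied, because the NIC NSG has no matching allow rule and falls through to its default deny.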